This year will see ever more IFAs and financial services businesses
creating websites and that is a good thing. But they will also be venturing
into a world of security risks, data protection responsibility, copyright
and intellectual property issues, with risks of seeing their own material
stolen or misused or of inadvertently misusing somebody else's material.
Even reproducing an article like this on a website to illustrate a point
may result in an infringement of either the author's (as originator of the
material) or the publisher's copyright, or both. Because websites are
accessible, there is a high level of probability that any such material
will, sooner or later, be found by its rightful owner. So if material is to
be used, the copyright owner needs to be identified and asked.
But there is an even more serious risk in the other direction – that of
having material or data stolen from a website. It is not specifically a
financial services issue but, given the nature of financial services and
the type of client-relationship information held, there is a serious risk
to which financial services businesses, especially small ones, are uniquely
To an increasing extent, the things on which we place value are
intangible, known collectively as intellectual property. In the context of
an adviser, it may be the way advice is couched, the wording of a specific
idea or the method of achieving a particular end. Because intellectual
property is easy to copy, various protections have been devised.
Creative work can be copyrighted by simply appending the internationally
recognised © symbol to original work while designs and formulae can be
patented and corporate identifiers can be trademarked with the ® or
symbols following registration in a suitable jurisdiction.
Of course, some ideas or forms of words cannot be copyrighted and, while
those controls may have worked well enough in the past, e-commerce has
brought a whole new range of risks and possibilities to these issues.
What cannot be copyrighted but should be protected is any client-related
material for commercial reasons and because the holder of the information
is directly responsible for its safe-keeping under the 1998 Data Protection
Act which includes a range of penalties up to imprisonment for directors of
All data controllers must now register and all automated processing will
need to be compliant by the end of 2001. The 1998 Data Protection Act
establishes clear standards for what data is held and how it is kept and
processed. This extends to information gathered from people visiting a
website. All website owners and operators need to be clearly aware of the
implications of this for their own business.
Companies with marketing databases will have to seek permission to
maintain names on the database and must regularly check against the mail
and telephone preference services files to avoid unwanted contacts. One
massive change will be that the 1998 Act covers data held in manual or
paper systems so will entail a full vetting of every card in the card file
to ensure full compliance at all levels.
Furthermore, the internet, through the worldwide web, offers businesses of
all sizes the ability to project themselves around the world. However, to
do so means placing significant intellectual property into a digital format
from which it is relatively straightforward to capture and copy
information. This raises a number of issues.
Internet businesses and users can present an easy target. The real risk is
from hackers with criminal intent who aim to steal money or information for
selling on to a third party. Able to strike from any country they choose,
hackers are hard to track down and apprehend. Financial services sites are
likely to be targeted exactly because of the type of information they hold
about clients and prospects. With such a situation, the sensible thing is
to protect the business against attack in the first place.
The easiest security is housing the website separately from the main
systems and placing between the two a firewall computer. Only visitors with
the correct passwords will be allowed past the firewall into the main
system. For additional security, passwords can be encrypted using software
that creates a unique code when the password is first entered and shares
the coded version of the password only with the user's computer and the web
There is also a risk of counterfeiting or piracy. This can extend from the
theft of written material to the counterfeiting a website itself in order
to trick innocent “customers” into transmitting their financial or personal
details to the false site, from where the information can be applied for
Digitally stored material can be stolen with no loss of quality. For those
who wish to, it is also becoming easier to copy software from a site. And
the presence on the web of trademarked material in portable formats makes
it easy to download and copy trademarked elements for use elsewhere.
The problem is that not only does the criminal use copyright and
trademarked material to hoax genuine customers but also the genuine owner
of the material will get the blame for any subsequent losses even if only
because the customer will believe that security should have been tighter.
Two forms of protection are being developed to counter the threat of cyber
forgery and piracy. The first involves software to protect material from
being copied or to make it unusable if copied. Files and images put on to
the web can be “watermarked” by Electronic Copyright Management Systems in
a manner that will clearly show their origins at all times and will enable
legitimate owners to track down their copyright and trademarked material
wherever it is used on the web through a process similar to a web search.
Watermarking will even work where one sentence has been copied from a
document. Material can also be encrypted to make it indecipherable if
intercepted during transmission. Bigger files can be secured into virtual
envelopes allowing transmission and viewing with restrictions but no
copying without a further unlocking code.
The other protection is legal. This is patchy at present, with a number of
states refusing to sign treaties that will hinder their own counterfeit and
piracy industries. But international pressure and an increasing ability to
identify and isolate criminal sites are extending the reach of copyright
and intellectual property law.
National governments offer protection within their own jurisdictions and
the European Commission with the Council of Europe has embarked upon
programmes to protect intellectual property on the web within the EU. On a
global scale, the World Intellectual Property Organisation has laid down
international standards. But there are a number of hurdles still to be
cleared. In order for the various layers of legislation – global,
continental and national – to work, they must be harmonised and that will
take time. Also, if an infringement of intellectual property rights is
tracked down, the legitimate owner currently has to take action in the
country where the stolen property is found, usually one of the
All this may seem a million miles from the priorities of financial
services but only the reckless or Luddites will run the risk of ignoring
e-commerce security and intellectual property issues. It may cost them dear
in lost ideas, irate clients whose details have been taken and misapplied
or litigious owners of material they have used.
This year will see ever more IFAs and financial services businesses